Saturday, August 29, 2015

sql_firewall: a SQL Firewall Extension for PostgreSQL

A few days ago, I released a brand-new PostgreSQL extension called "sql_firewall". sql_firewall is intended to protect PostgreSQL databases from SQL injection attacks by limiting which SQL queries can be executed on the database.

In this entry, I would like to explain how it works and how to use it.

How sql_firewall works

The sql_firewall module has the following three modes:
  • Learning mode
  • Permissive mode
  • Enforcing mode